Discussion of krb5_get_init_creds_password() behavior was Re:problem with the kinit_prompter in kfw 2.5

[Sam Hartman]

>>>>> "John" == John Hascall <john at iastate.edu> writes:

    >> So, I'm confused.  I agree there is a problem if you enter in a
    >> null password and in that case you will get double prompted.

    >> In all other cases I fail to see the problem.  Note that you
    >> have to explicitly declare your list of master KDCs.  By
    >> default in 1.3.x, no KDCs are masters and no second attempt is
    >> made.

    John> And that was the problem Beata Pruski mentioned.  If no
    John> master kdcs are defined, and a user has an expired password,
    John> then

    John>    the 1st call returns KRB5_EXPIRED_PASSWORD (or whatever
    John> it is), then

    John>    the 2nd call fails with that oddly named REALM error, and
    John> *that* gets returned

And Alexis mentioned this has already been fixed.